CVE-2025-64094 is a cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the Dnn.Platform content management system (CMS) prior to version 10.1.1. DNN, formerly known as DotNetNuke, is an open-source CMS built on the Microsoft technology stack, widely used for web content management. The vulnerability stems from insufficient sanitization of SVG (Scalable Vector Graphics) file content uploaded to the platform. SVG files can contain embedded scripts or malicious payloads if not properly sanitized. Although a previous vulnerability (CVE-2025-48378) addressed some XSS vectors related to SVG uploads, the fix was incomplete, leaving residual attack vectors exploitable in versions before 10.1.1. An attacker with limited privileges can upload a crafted SVG file containing malicious JavaScript code. When other users or administrators view the affected content, the embedded script executes in their browsers under the context of the vulnerable site. This can lead to theft of session cookies, unauthorized actions, or redirection to malicious sites. The CVSS v3.1 base score is 6.4, reflecting a medium severity level with network attack vector, low attack complexity, and no user interaction required. The vulnerability impacts confidentiality and integrity but does not affect availability. No public exploits have been reported yet, but the presence of an incomplete fix suggests potential for future exploitation. The vulnerability is fixed in Dnn.Platform version 10.1.1, which includes improved sanitization routines for SVG content to neutralize all known XSS attack vectors.

For European organizations using Dnn.Platform versions prior to 10.1.1, this vulnerability poses a significant risk to web application security. Successful exploitation can lead to unauthorized script execution in users' browsers, enabling session hijacking, credential theft, or unauthorized actions performed with the victim's privileges. This compromises the confidentiality and integrity of sensitive data managed through the CMS. Organizations in sectors such as government, finance, healthcare, and critical infrastructure that rely on DNN for public-facing or internal portals are particularly at risk. The vulnerability could be exploited to target employees or customers, potentially leading to broader network compromise or reputational damage. Since the attack requires only limited privileges to upload malicious SVG files, insider threats or compromised accounts could facilitate exploitation. The lack of user interaction requirement increases the risk of automated or widespread attacks once exploit code becomes available. Although no known exploits are currently in the wild, the incomplete prior fix and medium CVSS score indicate a moderate likelihood of future exploitation attempts. European entities should consider this vulnerability a priority for patching to maintain compliance with data protection regulations and cybersecurity best practices.

1. Upgrade all Dnn.Platform installations to version 10.1.1 or later, where the vulnerability is fully patched. 2. Implement strict file upload controls to restrict SVG uploads only to trusted users or disable SVG uploads if not required. 3. Employ additional server-side validation and sanitization of SVG files using specialized libraries that comprehensively neutralize embedded scripts. 4. Monitor web server and application logs for unusual upload activity or access patterns indicative of exploitation attempts. 5. Use Content Security Policy (CSP) headers to restrict script execution sources and reduce the impact of potential XSS attacks. 6. Educate administrators and content managers about the risks of uploading untrusted SVG content. 7. Conduct regular security assessments and penetration testing focused on file upload functionalities. 8. Implement multi-factor authentication and least privilege principles to reduce the risk of compromised accounts being used to upload malicious files. 9. Maintain up-to-date backups and incident response plans to quickly recover from potential breaches.